f5f5f3170aea3a9b90fead4f2df15039595b7e2c4d194cc719f647409ab5a7ba

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
21/05/2024, 06:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f5f5f3170aea3a9b90fead4f2df15039595b7e2c4d194cc719f647409ab5a7ba.exe
Size

38KB
MD5

0697c020d1bd0dd87a9532b41b56feb3
SHA1

2d3c857b5921bc74ed4a7140aec164f760c51c24
SHA256

f5f5f3170aea3a9b90fead4f2df15039595b7e2c4d194cc719f647409ab5a7ba
SHA512

b7bff012e7a8145c82bcc15e871f412fc535933dde710cc4a76a05a99b3be6d4fb32700a953d002718167a484fd26ab8ed5e8f64e4157a92df4a6638ccbc753a
SSDEEP

768:IM0ZiLCWwJjjZLnzbo41ffARvij8GnGu6UoOor:D0kLCtJBnbo4+i9GtPr

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2472	defupdater.exe

Loads dropped DLL 1 IoCs

pid	Process
2116	f5f5f3170aea3a9b90fead4f2df15039595b7e2c4d194cc719f647409ab5a7ba.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 2472	2116	f5f5f3170aea3a9b90fead4f2df15039595b7e2c4d194cc719f647409ab5a7ba.exe	28
PID 2116 wrote to memory of 2472	2116	f5f5f3170aea3a9b90fead4f2df15039595b7e2c4d194cc719f647409ab5a7ba.exe	28
PID 2116 wrote to memory of 2472	2116	f5f5f3170aea3a9b90fead4f2df15039595b7e2c4d194cc719f647409ab5a7ba.exe	28
PID 2116 wrote to memory of 2472	2116	f5f5f3170aea3a9b90fead4f2df15039595b7e2c4d194cc719f647409ab5a7ba.exe	28
PID 2116 wrote to memory of 2472	2116	f5f5f3170aea3a9b90fead4f2df15039595b7e2c4d194cc719f647409ab5a7ba.exe	28
PID 2116 wrote to memory of 2472	2116	f5f5f3170aea3a9b90fead4f2df15039595b7e2c4d194cc719f647409ab5a7ba.exe	28
PID 2116 wrote to memory of 2472	2116	f5f5f3170aea3a9b90fead4f2df15039595b7e2c4d194cc719f647409ab5a7ba.exe	28

C:\Users\Admin\AppData\Local\Temp\f5f5f3170aea3a9b90fead4f2df15039595b7e2c4d194cc719f647409ab5a7ba.exe
"C:\Users\Admin\AppData\Local\Temp\f5f5f3170aea3a9b90fead4f2df15039595b7e2c4d194cc719f647409ab5a7ba.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Users\Admin\AppData\Local\Temp\defupdater.exe
  "C:\Users\Admin\AppData\Local\Temp\defupdater.exe"
  2⤵
  - Executes dropped EXE
  PID:2472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\defupdater.exe

Filesize
38KB

MD5
ffc1251ed6527d425dbf62e4fa4e14d7

SHA1
9293fbd63db3918e93f27b1960ce381ca867863a

SHA256
9542f211206f4c393d4e06b70b5d185fc147e577265afe44ec086d51e192e438

SHA512
c96d751741a4b79828cfaca1ebfa7e7139c53a3804e7208d38d27fcc9bcd35f0f357222518ae98bec7a27022b852597b347b0c8a4cca0e4dba639da1cf489101

Download Submit
memory/2116-1-0x0000000000401000-0x0000000000402000-memory.dmp

Filesize
4KB

Download
memory/2472-8-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download